禁用所有免费 ARP、TCP 和 HTML 查询 Windows 7

禁用所有免费 ARP、TCP 和 HTML 查询 Windows 7

我们有一个运行 Microchip 固件的机器控制器,通过 LAN (eth0) 100% 与 LINUX 计算机配合使用 14 年。现在需要使用 Windows 7 运行。不幸的是,Windows 定期发出一大堆无端请求。最终这些请求导致微控制器崩溃。我尝试过禁用 LLMNR、IGMP、SSDP、路由、IPV6、ARP 和 NBT-NS。有帮助但没有解决。如果我可以停止 svchost 请求,那会有所帮助,因为 ARP 请求似乎不是问题。

编辑:svchost 已禁用:o))“在 Windows 中禁用主动 Internet 探测 (NCSI)”

{Frame       Time Date                               Time Offset          Process Name            Source                       Destination              Protocal     Description
1   10:59:48 14/08/2017 12.3275999                          NetmonFilter    NetmonFilter:Updated Capture Filter: None   
2   10:59:48 14/08/2017 12.3275999                          NetworkInfoEx   NetworkInfoEx:Network info for , Network Adapter Count = 1  
3   10:59:48 14/08/2017 12.3275999          192.168.1.20    192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6  
4   10:59:48 14/08/2017 12.3282422          192.168.1.6 192.168.1.20    ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
5   10:59:49 14/08/2017 12.4985887          0.0.0.0     192.168.1.20     ARP    ARP:Request, 0.0.0.0 asks for 192.168.1.20  
6   10:59:49 14/08/2017 12.4986781          192.168.1.20    224.0.0.22      IGMP    IGMP:IGMPv3 Membership Report   {IPv4:1}
7   10:59:49 14/08/2017 12.4992127          192.168.1.6 0.0.0.0     ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
8   10:59:49 14/08/2017 12.9986822          192.168.1.20    224.0.0.22      IGMP    IGMP:IGMPv3 Membership Report   {IPv4:1}
9   10:59:50 14/08/2017 13.4986212          0.0.0.0     192.168.1.20    ARP ARP:Request, 0.0.0.0 asks for 192.168.1.20  
10  10:59:50 14/08/2017 13.4992550          192.168.1.6 0.0.0.0     ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
11  10:59:51 14/08/2017 14.4986969          0.0.0.0     192.168.1.20    ARP ARP:Request, 0.0.0.0 asks for 192.168.1.20  
12  10:59:51 14/08/2017 14.4994162          92.168.1.6      0.0.0.0     ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
13  10:59:52 14/08/2017 15.5147308          192.168.1.20    192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6  
14  10:59:52 14/08/2017 15.5153513          192.168.1.6 192.168.1.20    ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
15  10:59:52 14/08/2017 15.5396148          192.168.1.20    192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6  
16  10:59:52 14/08/2017 15.5402584          192.168.1.6 192.168.1.20    ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
17  10:59:52 14/08/2017 15.5528560          192.168.1.20    192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6  
18  10:59:52 14/08/2017 15.5535065          192.168.1.6 192.168.1.20    ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
19  10:59:56 14/08/2017 19.5214914  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:Flags=......S., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891366, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192  {TCP:3, IPv4:2}
20  10:59:56 14/08/2017 19.5223390  svchost.exe 88.221.254.123  192.168.1.20    TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=54230, PayloadLen=0, Seq=0, Ack=4050891367, Win=4096 ( Scale factor not supported ) = 4096    {TCP:3, IPv4:2}
21  10:59:56 14/08/2017 19.5223857  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:Flags=...A...., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891367, Ack=1, Win=17520 (scale factor 0x0) = 17520  {TCP:3, IPv4:2}
22  10:59:56 14/08/2017 19.5226940  svchost.exe 192.168.1.20    88.221.254.123  HTTP    HTTP:Request, GET /ncsi.txt     {HTTP:4, TCP:3, IPv4:2}
23  10:59:56 14/08/2017 19.8278302  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
24  10:59:56 14/08/2017 20.4281386  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
25  10:59:58 14/08/2017 21.6281447  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
26  10:59:59 14/08/2017 22.8281828  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
27  11:00:00 14/08/2017 24.0282154  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
28  11:00:01 14/08/2017 24.9982180          192.168.1.20    192.168.1.6 ARP ARP:Request, 192.168.1.20 asks for 192.168.1.6  
29  11:00:01 14/08/2017 24.9988881          192.168.1.6 192.168.1.20    ARP ARP:Response, 192.168.1.6 at 00-04-A3-00-A9-F9  
30  11:00:02 14/08/2017 26.4282788  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
31  11:00:07 14/08/2017 31.2258517  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:[ReTransmit #22]Flags=...AP..., SrcPort=54230, DstPort=HTTP(80), PayloadLen=97, Seq=4050891367 - 4050891464, Ack=1, Win=17520 (scale factor 0x0) = 17520    {TCP:3, IPv4:2}
32  11:00:17 14/08/2017 40.8293165  svchost.exe 192.168.1.20    88.221.254.123  TCP TCP:Flags=...A.R.., SrcPort=54230, DstPort=HTTP(80), PayloadLen=0, Seq=4050891464, Ack=1, Win=0 (scale factor 0x0) = 0  {TCP:3, IPv4:2}

答案1

一般来说,网络设备应该能够应对无端流量,但除了尝试关闭客户端上的流量之外,还有各种方法。客户端方法很耗时,而且一旦发生任何变化,就很容易需要进一步干预。网络方法针对问题的根源(机器控制器),并且是永久性的:

  1. 将设备放在自己的网络(网段)上。这将彻底消除所有广播流量。您还可以通过过滤路由器/防火墙非常轻松地限制对设备的访问。新的网段/子网可以是专用路由器端口、连接到路由器端口的交换机或 VLAN。

  2. 将设备放在能够使用 ACL 的交换机上,并在端口级别过滤所有不需要的流量。最有可能的是,您只想允许几个源 IP 或 MAC 地址,并丢弃所有其他地址。

  3. 一些交换机支持“保护端口”功能,您可以限制机器控制器的端口仅与所需的端口进行通信。

相关内容